1 reply to this topic

[eyecre8]

Please Login or Register to see this Hidden Content

 

Please Login or Register to see this Hidden Content

  39.25KB   51 downloads

John: Hey, want to play a game online with me? I know this great word game in which we can all play against each other from our phones!

Rachel: Awesome! I'll install it. What's it called?

John: It's called 'Game X'. Download it from the play store and accept the agreement and permissions.

Rachel: Permissions? Permissions to do what?

John: Don't worry... it's the typical set of permissions that all of the games now require in order to play properly on your phone.

Rachel: Oh, OK.

Now I know you readers aren't ALL a bunch of noobs. Lets be honest though, how many of you have turned a blind eye to those odd sounding permissions either because you feel ignorance is bliss, or you simply don't understand what the apps are doing behind the scenes with those rights?

Please Login or Register to see this Hidden Content

 

Please Login or Register to see this Hidden Content

  6.4KB   72 downloads

Guilty as charged! I've done it more often than I care to admit. What did I really just do though? What did I agree to in exchange for minutes, hours, days of mind numbing pacification? I'm pleased to announce it wasn't your soul or first born. But as this is the digital realm, its not too far off.

App developers have come under quite a bit of fire as of late for mining personal data in exchange for that "free" app. In a recent test of Android Market apps, between 20-50% of all Android apps are sending private information to advertisers without the user being aware.

Google's response to this is that every user is advised upon installation that data will be shared and that warning is part of their developers terms of service. But who reads AND understands those long painful ToS agreements? Clicking on the 'Help' icon next to each permission gives a brief extremely high level overview of what that permission can do. That explanation does no such justice. I KNOW for fact there are those of you saying "SO WHAT!!!!! Who cares!"

Lets dive into some of these permissions and what they can do.... err.. I mean, the damage they can wreak.

So, the app wants 'Access to personal information'. It wants 'Access to read my contact data' so it can see everyone I have stored in there. By the way, that includes your work contacts, facebook friends, phonebook and email settings to boot! Do you sync your work contacts with your personal? This app will now be able to see their email addresses, phone numbers, names, company affiliation, IM screenames, and anything you have stored.

It can also WRITE this information! It can overwrite your boss' contact with its own email address so that all of your emails to your boss with, for instance, sensitive comments or reports are now going to someone else. I was wondering where all of this new SPAM was coming from! Your friends can thank you too.

The next permission, 'Services that cost you money' is a delightful one. It wants to be able to send SMS messages under that heading which means it can send them wherever it wants on my behalf and they will NEVER show up your Sent folder. BTW, that includes those fun and raunchy 900 numbers which cost a fair penny *bow chika wow wow*. The app wants to edit SMS. Reading my messages about my drunken debauchery this past weekend isn't enough apparently. With the Android, if you have the permission to receive SMS, you can receive them before your text messaging app does. Users will never see these incoming or outgoing messages.

Sounds like a great way to run a mobile botnet no?

Please Login or Register to see this Hidden Content

 

Please Login or Register to see this Hidden Content

  7.61KB   43 downloads

This app wants access to your GPS location. We say to ourselves this is no biggy as I keep my GPS off to save battery life. The other day I needed directions, popped on GPS for a few minutes. The app on my phone could see that I am now in Ohio and not in Florida. It shows that I am in fact NOT at home. BTW, and we'll touch upon this is another privacy related article:
DO NOT POST WHERE YOU ARE OR ALLOW Check-In's ON FACEBOOK!
When people know where you are, they know where you aren't! Good time to rob my house right?

This SUPER fun app wants to access and manage my accounts. Theoretically, it can log me out of my account, change my password, make it so only the phone alone can get onto my Twitter account.

MODIFY AND DELETE USB storage contents. Not such a bad idea if you saw some of the garbage pictures I took of myself and friends this past weekend *looks left...looks right incriminatingly*

Please Login or Register to see this Hidden Content

 

Please Login or Register to see this Hidden Content

  18.79KB   23 downloads

Lets recap:
This app wants to make phone calls, read my phone state and identity. Huh? What does that mean? That's when the personal identification number (your International Mobile Equipment Identifier or IMEI, that unique number to your phone which identifies you with a server and credit card among other things). What else? It wants to prevent my phone from sleeping. I get kinda irritated when people do this to me. The battery is GOD in the Android universe! Why prevent it from preserving the battery for its own selfish needs? Said application wants to write my sync settings. Next time I sync, I may have a nice little surprise there waiting for me! Maybe I will be lucky and be aware of its existence but odds are that I won't. Finally, it wants network communication so as to talk on the internet... to anyone...even when I am sleeping!

Feeling at all concerned yet? More to come and what you the user can do =)

Sources:
Privacy-pc.com/articles/bypassing-the-android-permission-model.html

Please Login or Register to see this Hidden Content

[Bologna]

Awesome article Eyecre8!
Hopefully everyone realizes that online security is VERY important and that it is not just limited to 1 operating system or another.